[Full-disclosure] Most secure internet exploration tool?
tbiehn at gmail.com
Wed Mar 4 03:33:09 GMT 2009
Obviously Internet Explorer on Windows, because it's developed by good
paid developers, not long bearded unix nerds.
On Tue, Mar 3, 2009 at 7:56 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Tue, 03 Mar 2009 19:31:35 EST, bobby.mugabe at hushmail.com said:
>> code execution power hacks, etc). I would like to start a
>> discussion, weighing in every expert opinion on what the most
>> secure web browser is and why.
> Does 'telnet www.example.com 80' or 'netcat' count as a browser? Do
> ascii-only things that only render static html count? Does a mainstream
> You then get to do a similar analysis defining "secure". It isn't a binary
> yes/no - it's a continuum of different issues and relative importance, and
> different people may rank things in different orders. Somebody who is
> responsible for regulatory compliance probably cares more about data exposure
> and identity theft issues - but a browser crash resulting in no data loss
> isn't an issue. Meanwhile, the guy who has to run the help desk cares
> if an issue crashes browsers and generates phone calls (anybody who was working
> in a NOC when Nachi came around knows how fast the costs of an outage can
> pile up, even if no data is permanently lost).
> Gotta draw a boundary box if you want reasonable answers.
>> Also whether or not the underlying
>> operating system matters - is firefox more secure under BeOS than
>> mosaic under IBM's dos?
> Again, you have to make a decision - if an exploit *did* manage to abuse
> a browser's code, but was then foiled by an OS security feature (ACLs, ASLR,
> SELinux, or whatever), does that count as "a secure browser", or "a secure OS"?
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.